https://pulumi.com logo
Powered by
#typescript
Title
# typescript
a

agreeable-window-77899

06/01/2022, 10:25 AM
Hello folks, I am using 
new awsx.ec2.Vpc
to create a VPC for my application and I need to get the security group id which Pulumi Crosswalk automatically creates so that I can attach the security group to my RDS instance. What is right way to fetch the auto-created security group details in Pulumi? Do I have to explicitly create the Security group on my own to do this?
l

little-cartoon-10569

06/01/2022, 9:23 PM
Which security group are you looking for? I wasn't aware that AWSX created one. It creates an IG, subnets, one route table with routes per subnet, and one NAT per private subnet. That's all, I think?
AWS creates a default security group for a VPC. That's not Pulumi code though, AWS does that internally.
You can get that from a VPC via its defaultSecurityGroupId property. Like this:
Copy code
const defaultSg = aws.ec2.getSecurityGroup("default", vpc.vpc.defaultSecurityGroupId);
Be aware that managing this from Pulumi code isn't feasible, since you'd need to dynamically import it once and then never import it again. That pretty much requires manually editing the code. I recommend defining your own security group and ignoring the default one.
a

agreeable-window-77899

06/02/2022, 7:29 AM
hi @little-cartoon-10569 Thanks for your input. I am creating a VPC with AWSX and then a Fargate cluster and an RDS. It looks like a security group with a description of 
Managed by Pulumi
is automatically created and assigned to the Fargate Service by Pulumi. I need to assign the same security group to the RDS so that the Fargate cluster can access the database. That is the reason I want to programatically pull the security group details. And I do see the 
default
security group that you mentioned. But in this case the Fargate custer is auto assigned to the security group which is 
Managed by Pulumi
May be the best option is to create the security group on my own. Since I am quite new to this I was trying to avoid that..
l

little-cartoon-10569

06/02/2022, 8:48 PM
automatically created and assigned to the Fargate Service by Pulumi. I need to assign the same security group to the RDS so that the Fargate cluster can access the database
That doesn't sound right. An SG can't automatically access things from other resources with the same SG. Are you sure you don't need to create a new SG that permits access from this automatically-created SG?
2 Views
Powered by